The healthcare industry is surprising: contrary to the global trend, this sector is seeing a decline in ransomware. However, at a very high (restoration) price. And: backups are a game changer. The study The State of Ransomware in Healthcare 2023 shows interesting facts.
Sophos has published its latest ransomware report for the healthcare sector. The State of Ransomware in Healthcare 2023 also reflects the general development in cybercrime: the attacks are highly complex and targeted, data encryption is almost always the goal and, as a result, the cost of restoring systems to operability is exploding.
Contrary to the global trend, the healthcare industry has seen a decline in ransomware attacks from 66 percent in 2022 to 60 percent in 2023.
Compromised access data as a gateway
Most often, compromised access credentials (32 percent) allow criminals to break into systems. Exploitation of vulnerabilities (29 percent) comes in second place. Email-based attacks, for example with malicious emails or phishing, are responsible for over a third (36 percent) of all attacks in the healthcare industry; across all industries, this vector accounts for 30 percent.
Almost three quarters of companies in this sector have their data encrypted - the highest rate in the last three years. In 37 percent of these cases, data was also stolen. All healthcare organizations received their encrypted data back. The global average is 97 percent.
The costs of a ransomware attack include, on the one hand, the ransom payments and, on the other hand, the costs of restoring systems and data so that the organizations are fully operational again.
Ransom: 42 percent pay
The healthcare sector deviates only slightly from global, cross-industry behavior: 42 percent (versus 46 percent across sectors) paid the ransom demands to free their encrypted data. 73 percent (vs. 70 percent across sectors) relied on their backups for recovery.
The overall ransomware payment rate dropped significantly from 61 percent (2022) to 42 percent (2023). The use of backups remained almost the same (72 percent in 2022; 73 percent in 2023).
Companies with cyber insurance were more likely to pay a ransom than those without insurance. 53 percent of healthcare organizations with a standalone cyber policy paid, compared to 34 percent of companies whose broader insurance coverage also includes cyber fraud, among other things.
Recovery costs from attacks
With an increase from $1.85 million in 2022 to $2.2 million, healthcare companies had to dig significantly deeper into their pockets in 2023 to become operational again. For comparison: in 2021, $1.27 million was enough. So within two years the restoration costs have almost doubled. There are two reasons for this: the increase in the amount of data encrypted in a cyber attack on healthcare organizations, and the inability to stop an attack before the data is encrypted.
Loss of income due to attacks
For 85 percent of private healthcare organizations affected by ransomware, the attack resulted in a loss of income. Healthcare companies are not alone in this, as the global, cross-sector figure of 84 percent shows.
With backups you can get everything up and running cheaper and faster
Compared to paying a ransom, companies in the healthcare industry get off cheaper by using their own backups for recovery: here the cost is “only” $2.11 million, compared to $2.58 million for the ransom variant. But backups have another advantage: the companies that were able to restore their data from them recovered much faster than those that received the decryption key through a ransom payment. 27 percent of respondents with backups needed more than a month to restore full operability; this figure was 40 percent for ransom payers.
Background to the study
The State of Ransomware 2023 data comes from a vendor-independent survey of 3,000 cybersecurity/IT executives, including 400 in education, conducted between January and March 2023. Respondents come from 14 countries across the Americas, EMEA and Asia Pacific. The companies surveyed employ between 100 and 5,000 people and generate revenue between less than $10 million and more than $5 billion.
More at Sophos.com
About Sophos: More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage, and offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of in-house analysis centers. Sophos is headquartered in Boston, USA and Oxford, UK.